How governments can bounce back from security breaches

By DXC Technology and Dell

To quickly recover from data loss, preparation is key, IT industry experts tell GovInsider.

On 5 February 2021, hackers gained access to the water treatment system of Oldsmar, Florida. Adjusting the sodium hydroxide levels in the city’s water supply to over a hundred times its normal level, the hacker placed thousands at risk of being poisoned. Fortunately, an operator immediately noticed the intrusion and brought levels back to normal. The town emerged unscathed.

Such attacks can be a government’s worst cybersecurity nightmare. Although invasions of this severity are rare, cyber breaches are all too common and increasingly target governments and critical infrastructure.

In an increasingly hostile environment, how can governments equip themselves to minimise data loss and downtime, and bounce back quickly from security breaches?

Constant vigilance

As cyber threats become more sophisticated, it is no longer a question of ‘if’ a cyberattack can happen, but ‘when’, says Saravanan Krishnan, Dell Technologies’ South Asia Director of Data Protection Solutions. In response, government agencies must have “the plans to recover from such attacks and resume operations as quickly and cost-efficiently as possible.”

Agencies need to be proactive and alert, reviewing their security posture to ensure there are “no gaps or loopholes for cybercriminals to exploit,” Krishnan adds. For instance, they should schedule regular risk assessments to identify any weaknesses in data processing systems, and ascertain infrastructure readiness to ensure continual data security.

Additionally, security teams need to be able to physically separate backup data copies that cannot be touched by malware — the “last line of defence for data loss and corruption.”

Combined, these strategies offer organisations a good chance of bouncing back from breaches with minimal loss of data.

A coherent data protection solution

As agencies collect more data, more frequently, from more endpoints, data management practices have not always been able to keep pace. Data protection products may be purchased for point solutions but lack an overall strategy, making consistent management difficult.

Such a situation can lead to redundant tools and a less-than-optimal usage of security and business continuity teams’ time. More alarmingly, security systems may then hinge on IT teams’ manual effort to keep policies synchronised, increasing the risk of costly disruptions.

“Considering a single partner with an extensive portfolio of solutions is a surefire way to reduce complexity and mitigate the risk of downtime during an outage,” Krishnan says. The numbers reflect this. According to the Dell Technologies Global Data Protection Index 2020 Snapshot, organisations using a sole data protection vendor experience just a quarter of the downtime-related costs of other organisations, and one-twelfth of the data loss costs.

Flexible, cloud-compatible solutions

“Not all data is equally critical or important,” notes Gordon Heap, General Manager for Singapore Public Sector, DXC Technology. Governments need to adopt solutions that can evaluate their security needs, then quickly be adjusted to meet them.

An effective vendor would be equipped to analyse the agency’s environments, data sensitivity, and recovery requirements, and then configure data protection and recovery processes that are tailored to these business continuity requirements, Heap elaborates.

Furthermore, governments are increasingly embracing the cloud and IoT. As they transition, an effective post-cyberattack business continuity plan “has to address the fact data is dispersed across platforms including on-premise and the cloud”, says Heap. As such, it is essential for a security provider to be able to manage a combination of cloud and on-premise data protection requirements, depending on the agencies’ priorities.

Fully managed, dependable cyber recovery

In acquiring and consuming IT, less is more. Governments look for simplified services and increased efficiencies, to free up precious time and funding to focus on critical initiatives and overall strategic objectives, observes Krishnan.

To this end, DXC Technology and Dell Technologies have teamed up to provide a fuss-free suite of security services, from cyber recovery software to providing fully managed services from DXC Technology’s data protection teams, who are Dell-trained and -certified.

“These solutions combine the best of both companies’ expertise to handle user demands and overcome potential security threats”, allowing agencies to rise to the cyber challenges of an increasingly fast-paced world,” Krishnan concludes.

As data management becomes increasingly complex and cyber challenges mount, government agencies may not be able to prevent every attack. But staying alert and investing in a single, robust data protection solution can make all the difference in limiting risks and recovering quickly.